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DETAILED ACTION 
Docketing 

1 . Please note that the application has been re-docketed to a different examiner. 
Please refer all future communications regarding this application to the examiner of 
record using the information supplied in the final section of the Office action. 

This Office action is responsive to the Applicant's Amendment filed 01/22/2007. 

Claims 1,2, 6, 17, 19, 20, 23-24, 34, and 36-39 are amended. 

Claims 14-15 are canceled. 

Claims 1-13 and 16-39 remain for examination. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1-13 and 16-39 have been 
considered but are moot in view of the new ground(s) of rejection with Ylonen. 

Claim Objections 

3. Claims 1 and 37 are objected to because of the following informalities: "the 
filtering complex" should be - the filter complex-. Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
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invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-12, 16-30, 32-37 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Afek et al. (US PG Pub. 2002/0083175 A1) hereinafter Afek in view 

of Ylonen et al. (US PG Pub. 2003/0110379 A1) hereinafter Ylonen. 

Regarding Claim 1, Afek discloses a method for redirecting network message 
traffic comprising 

receiving an indication (see page 1 3, [0284]) of undesirable message traffic 
(see page 10, [0252], "overload traffic") directed to a particular target node (page 10, 
[0252], victim machines) via a first transport mechanism (see page 10, H [0252], 
communication channel) in a communications network (see page 10, [0245]); 

rerouting all message traffic (see page 13, H [0286], rerouting) carried via the first 
transport mechanism (see page TO, U [0252], communication channel) in the 
communications network (see page 10, U [0245] ), and directed to the particular target 
node (page 10, U [0252], victim machines), to a filter complex (see page 9, U [0242]) 
operable to distinguish desirable message traffic (see page 11, [0261], appropriate 
message) from undesirable message traffic (see page 1 0, [0252], "overload traffic"); 
and 

directing the filtering complex (see page 9, U [0242]) to transmit, via a second 
transport mechanism (see page 10, U [0252], secure channel as SSH) over the 
communications network (see page 10, U [0245]), the desirable message traffic (see 
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page 11, U [0261], appropriate message) to the target node (page 11, U [0261], victim 
machines), 

directing the filter complex further comprises propagating routing information 
according to a predetermined protocol (see page 2, If [0016]). 

Afek does not disclose "routing information operable to designate the target 
node, as the destination of the message according to the second transport mechanism." 

However, Ylonen expressly discloses routing information operable to designate 
the target node, as the destination of the message according to the second transport 
mechanism (see page 3, [0039]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have incorporated Ylonen's reference with Afek to 
include routing information operable to designate the target node, as the destination of 
the message according to the second transport mechanism. One of ordinary skill in the 
art would have been motivated to do so because the processed packet should be 
directed towards their original destination as taught by Ylonen (see page 3, U [0026]). 

Regarding Claims 19 and 37, Afek discloses a network management server (see 
page 10, U [0252], "NOC (Network Operations Center)", "SNMP") for redirecting 
undesirable message traffic (see page 10, If [0252], "overload traffic") comprising: 

a network intrusion detector monitor operable to receive an indication (see page 
10, H [0252], sending authenticated messages, signal ) of undesirable message traffic 
(see page 10, 1] [0252], "overload traffic") directed to a particular target node (page 10, U 
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[0252], victim machines) via a first transport mechanism in a communications network 
(see page 10, [0252], communication channel); 

a routing processor operable to propagate routing information from a routing 
table database to reroute all message traffic (see page 10, H [0252], diverting routers) 
using the first transport mechanism (see page 10, H [0252], communication 
channel). directed to the particular target node (page 10, U [0252], victim machines); and 

a connection to a filter complex responsive to the rerouting processor (see page 
10, [0252], the guards), the filter complex operable to distinguish desirable message 
traffic from undesirable message traffic (see page 13, U [0288]), and further operable to 
transmit, via a second transport mechanism (see page 10, U [0252], secure channel as 
SSH) over the communications network, the desirable message traffic (see page 1 1 , U 
[0261], appropriate message) to the target node (page 1 1 , U [0261], victim machines), 

rerouting all message traffic (see page 13, U [0286], rerouting) further comprises 
propagating, via a standard protocol (see page 9, U [0241], Internet) corresponding to 
the first transport mechanism, a node address other than the node address 
corresponding to the target node (page 1 1 , U [0261 ], victim machines), 

the routing processor operable to direct the filter complex to propagate routing 
information according to a predetermined protocol (see page 2, ^ [0016]), 

Afek does not disclose "routing information operable to designate the target 
node, as the destination of the message according to the second transport mechanism." 
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However, Ylonen expressly discloses routing information operable to designate 
the target node, as the destination of the message according to the second transport 
mechanism (see page 3, [0039]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have incorporated Ylonen's reference with Afek to 
include routing information operable to designate the target node, as the destination of 
the message according to the second transport mechanism. One of ordinary skill in the 
art would have been motivated to do so because the processed packet should be 
directed towards their original destination as taught by Ylonen (see page 3, U [0026]). 

Regarding Claim 36, Afek discloses in a network management server (see page 
10, H [0252], "NOC (Network Operations Center)", "SNMP") of a networked system of 
data communications devices, a method for transparently intercepting, filtering, and 
rerouting message traffic for recovering from a distributed denial of service attack 
comprising: 

detecting (see page 2, [0019]; page 13, U [0282]), at a network monitor in the 
network management server, a pattern of inundating undesirable message traffic (see 
page 10, U [0252], "overload traffic") to a particular target node (page 10, [0252], 
victim machines) via a first transport mechanism (see page 10, U [0252], communication 
channel) in a communications network (see page 10, U [0245]); 
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receiving, via a routing processor, an indication (see page 13, U [0284]) of the 
undesirable message traffic (see page 10, [0252], "overload traffic") directed to the 
particular target node (page 10, [0252], victim machines); 

transmitting, via a network interface, a reroute message (see page 1, [001 1], 
page 13, 1f [0284]) to a filter complex (see page 13, [0284], guard machines) having a 
security filter operable to distinguish desirable message traffic (see page 11,1] [0261], 
appropriate message) from undesirable message traffic (see page 10, [0252], 
"overload traffic"); and 

rerouting, via a filter routing device in the filter complex, all message traffic (see 
page 13, U [0286]) carried via the first transport mechanism (see page 10, [0252], 
communication channel) in the communications network (see page 10, U [0245]) and 
directed to the particular target node (see page 10, [0252], victim machines); 

filtering, at the security filter, the message traffic to bifurcate (see page 13, 1J 
[0293]) desirable message traffic (see page 11, U [0261], appropriate message) from 
undesirable message traffic (see page 10, [0252], "overload traffic"); transmitting, via 
the network interface to a target node router serving the target node, a redirect 
message indicating that the target node router is to receive (see page 1 , [001 1]), via 
the second transport mechanism (see page 10, [0252], secure channel as SSH), the 
desirable message traffic (see page 1 1 , H [0261], appropriate message) directed to the 
particular target node and rerouted to the filter complex (see page 13, U [0293]), the 
filter complex and the target node router conversant in the first transport mechanism 
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(see page 10, [0252], communication channel)and the second transport mechanism 
(see page 10, [0252], secure channel as SSH); and 

directing, from the network management server, the filtering complex to transmit, 
via a second transport mechanism (see page 10, [0252], secure channel as SSH) 
over the communications network (see page 10, [0245]), the desirable message traffic 
to the target node (see page 1 1 , U [0261]), 

directing the filter complex further comprises propagating routing information 
according to a predetermined protocol (see page 2, [0016]). 

Afek does not disclose "routing information operable to designate the target 
node, as the destination of the message according to the second transport mechanism." 

However, Ylonen expressly discloses routing information operable to designate 
the target node, as the destination of the message according to the second transport 
mechanism (see page 3, 1J [0039]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have incorporated Ylonen's reference with Afek to 
include routing information operable to designate the target node, as the destination of 
the message according to the second transport mechanism. One of ordinary skill in the 
art would have been motivated to do so because the processed packet should be 
directed towards their original destination as taught by Ylonen (see page 3, [0026]). 

Regarding Claims 2 and 20, Afek and Ylonen disclose directing the filter complex 
to filter the message traffic (see page 10, [0253]) to subdivide desirable message 
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traffic (see page 1 1 , U [0261], appropriate message) from undesirable message traffic 
(see page 10, U [0252], "overload traffic"; page 13, U[0288]). ' 

Regarding Claims 3 and 21, Afek and Ylonen disclose wherein the filter complex 
further comprises a security filter having filtering logic for performing filtering (see page 
13, H [0293], rules), the security filter operable to parse the message traffic and identify 
sequences in the message traffic indicative of undesirable message traffic (see page 
13, U [0288] & [0295]). 

Regarding Claims 4 and 22, Afek and Ylonen disclose wherein the filter complex 
further includes a filter routing device in communication with other routing devices in the 
communications network (see page 14, H [0301], "working in connection with the 
routers") and coupled to the security filter for analyzing message traffic (see page 13, H 
[0293] & fl [0295]). 

Regarding Claims 5 and 23, Afek and Ylonen disclose wherein the filter routing 
device (see page 14, H [0304]) in the filtering complex (see page 14, H [0291], element 
10) is operable to communicate according to the first transport mechanism (see page 
10, H [0252], communication channel) and the second transport mechanism (see page 
10, H [0252], secure channel as SSH). 
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Regarding Claims 6 and 24, Afek and Ylonen disclose wherein the rerouting all 
message traffic (see page 13, U [0286], rerouting) includes directing the filter complex 
from a network management server in communication with the filter complex (see page 
14, [0298]), the network management server operable to send a reroute message to 
the filtering complex (see page 14, [0298]). 

Regarding Claims 7 and 25, Afek and Ylonen disclose directing a target node 
router serving the target node (page 1 1 , U [0261], victim machines) from the network 
management server (see page 10, U [0252]), the network management server operable 
to send a redirect message to the target node router (see page 1, U [0015]; page 14, 
[0298]). 

Regarding Claims 8 and 26, Afek and Ylonen disclose the reroute message (see 
page 10, [0252]) is indicative of the filtering complex receiving message traffic 
according to the first transport mechanism intended for the target node (see page 8, U 
[0214]) via the target node router serving the target node (see page 2, U [0016], victim). 

Regarding Claims 9 and 27, Afek and Ylonen disclose wherein the redirect 
message (see page 11, U [0257], alert) is indicative that the target router serving the 
target node is not to receive message traffic (see page 1 1, [0257]) according to the 
first transport mechanism corresponding to the target node (see page 1 1 , [0257], 
victim). 
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Regarding Claims 10 and 28, Afek and Ylonen disclose wherein the redirect 
message is indicative that the target node router (see page 13, fl [0290]) serving the 
target node (see page 10, [0247], "potential victims") receives the desirable message 
traffic in the second transport mechanism corresponding to the target node. 

Regarding Claims 1 1 and 29, Afek and Ylonen disclose wherein first and second 
transport mechanisms coexist on a common physical network (see Figure 1 , page 9, U 
[0240]). 

Regarding Claims 12 and 30, Afek and Ylonen disclose wherein first transport 
mechanism corresponds to a public access protocol (see page 9, [0241], IP network) 
adapted for communication via a plurality of dissimilar network switching devices (see 
page 9,1J [0241], "switches"). 

Regarding Claim 32, Afek and Ylonen disclose wherein rerouting all message 
traffic (see Afek page 13, U [0286], rerouting) further comprises propagating, via a 
standard protocol (see Afek page 9, 1J [0241], Internet) corresponding to the first 
transport mechanism, a node address other than the node address corresponding to the 
target node (page 1 1 , [0261], victim machines). 
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Regarding Claim 33, Afek and Ylonen disclose wherein directing the filter 
complex further comprises propagating routing information according to a 
predetermined protocol (see Afek page 2, 1J [0016]), the routing information operable to 
designate the target node (see Afek page 2, [0016], victim) as the destination of the 
message according to the second transport mechanism (see Ylonen page 3, U [0026]). 

Regarding Claims 16 and 34, Afek and Ylonen disclose wherein rerouting all 
message traffic is a static route (see page 2, H [0016]; page 1 1 , U [0267]), according to 
the first transport mechanism (see page 10, U [0252], communication channel), from a 
single router serving the target node (see abstract, "second set") to the filter router (see 
page 14, U [0304]) serving the filter complex (see fig. 2). 

Regarding Claim 17, Afek and Ylonen disclose wherein receiving an indication 
(see page 1 3, [0284]) further comprises detecting a recognizable pattern of inundating 
undesirable message traffic (see page 3, 1f [0039]). 

Regarding Claims 18 and 35, Afek and Ylonen disclose wherein the undesirable 
message traffic (see page 10, U [0252], "overload traffic") emanates from a plurality of 
sources (see page 1, [0002], DDOS), each of the plurality of sources independently 
contributing substantially insignificant volume of message traffic (see page 1,1] [0002], 
DDOS). 
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5. Claims 13 and 31 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Afek and Ylonen applied to claims 1 and 19 above, and further in view of Desai et 
al (U.S. PG Pub 2003/0188189) hereinafter Desai. 

Regarding Claims 13 and 31, Afek and Ylonen disclose all the limitations above. 
Afek and Ylonen do not disclose wherein the second transport mechanism corresponds 
to a virtual private network operable to encapsulate message packets of dissimilar 
protocols such that the encapsulated message packets are recognized by a routing 
protocol of the virtual private network. 

However, Desai expressly discloses wherein the second transport mechanism 
corresponds to a virtual private network" (see page 1 , [0012]; page 3, U [0044], VPNs) 
operable to encapsulate message packets of dissimilar protocols such that the 
encapsulated message packets are recognized by a routing protocol of the virtual 
private network (see page 1 , [0012]; page 3, [0044], VPNs). 

Therefore, it would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains to have 
modified Ylonen's reference with Afek which disclose use of SSH (see Afek, page 10, H 
[0252], "SSH") to include the use of Virtual private network like in Desai's reference for 
the purpose to ensure secure data transfer (see Desai, page 3, U [0044]). 
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6. Claim 39 is rejected under 35 U.S.C. 103(a) as being unpatentable over Afek et 
al. (US PG Pub. 2002/0083175 A1) hereinafter Afek in view of Desai et al (U.S. PG Pub 
2003/0188189) hereinafter Desai. 

Regarding Claim 39, Afek discloses a network management server for redirecting 
undesirable message traffic comprising; 

means for receiving an indication (see page 13, U [0284]) of undesirable 
message traffic (see page 10, U [0252], "overload traffic") directed to a particular target 
node (page 10, 1J [0252], victim machines) via a first transport mechanism (see page 10, 
U [0252], communication channel) in a communications network (see page 10, H 
[0245]); 

means for rerouting all message traffic (see page 13, U [0286], rerouting) carried 
via the first transport mechanism (see page 10, U [0252], communication channel) in the 
communications network (see page 10, H [0245] ), and directed to the particular target 
node (page 10, U [0252], victim machines), to a filter complex (see page 9, U [0242]) 
operable to distinguish desirable message traffic (see page 11,1] [0261], appropriate 
message) from undesirable message traffic (see page 10, [0252], "overload traffic"); 
and 

means for directing the filtering complex (see page 9, [0242]) to transmit, via a 
second transport mechanism (see page 10, [0252], secure channel as SSH) over the 
communications network (see page 10, U [0245]), the desirable message traffic (see 
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page 11, [0261], appropriate message) to the target node (page 11, U [0261], victim 
machines). 

Afek does not disclose wherein the second transport mechanism corresponds to 
a virtual private network operable to encapsulate message packets of dissimilar 
protocols such that the encapsulated message packets are recognized by a routing 
protocol of the virtual private network. 

However, Desai expressly discloses wherein the second transport mechanism 
corresponds to a virtual private network" (see page 1, [0012]; page 3, U [0044], VPNs) 
operable to encapsulate message packets of dissimilar protocols such that the 
encapsulated message packets are recognized by a routing protocol of the virtual 
private network (see page 1, U [0012]; page 3, U [0044], VPNs). 

Therefore, it would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains to have 
modified Desai's reference with Afek which disclose use of SSH (see Afek, page 10, 1} 
[0252], "SSH") to include the use of Virtual private network like in Desai's reference for 
the purpose to ensure secure data transfer (see Desai, page 3, [0044]). 

7. Claim 38 is rejected under 35 U.S.C. 103(a) as being unpatentable over Afek et 
al. (US PG Pub. 2002/0083175 A1) hereinafter Afek in view of Ylonen et al. (US PG 
Pub. 2003/01 10379 A1) hereinafter Ylonen and further in view of Desai et al (U.S. PG 
Pub 2003/0188189) hereinafter Desai. 
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Regarding Claim 38, Afek discloses an encoded set of processor based 
instructions tangible encoded on a computer readable medium embodying program 
code for redirecting network message traffic comprising: 

program code for receiving an indication (see page 13, [0284]) of undesirable 
message traffic (see page 10, U [0252], "overload traffic") directed to a particular target 
node (page 10, U [0252], victim machines) via a first transport mechanism (see page 10, 
U [0252], communication channel) in a communications network (see page 10, U 
[0245]); 

program code for rerouting all message traffic (see page 13, U [0286], rerouting) 
carried via the first transport mechanism (see page 10, U [0252], communication 
channel) in the communications network (see page 10, U [0245] ), and directed to the 
particular target node (page 10, [0252], victim machines), 

means for directing the filter complex further comprises: means for propagating 
routing information according to a predetermined protocol (see page 2, [0016]). 

Afek does not disclose "routing information operable to designate the target 
node, as the destination of the message according to the second transport mechanism." 

However, Ylonen expressly discloses routing information operable to designate 
the target node, as the destination of the message according to the second transport 
mechanism (see page 3, U [0039]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have incorporated Ylonen's reference with Afek to 
include routing information operable to designate the target node, as the destination of 
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the message according to the second transport mechanism. One of ordinary skill in the 
art would have been motivated to do so because the processed packet should be 
directed towards their original destination as taught by Ylonen (see page 3, [0026]). 

Afek and Ylonen disclose all the limitations of Claim 38 above. Afek and Ylonen 
do not disclose "wherein the second transport mechanism corresponds to a virtual 
private network operable to encapsulate message packets of dissimilar protocols such 
that the encapsulated message packets are recognized by a routing protocol of the 
virtual private network." 

However, Desai expressly discloses wherein the second transport mechanism 
corresponds to a virtual private network" (see page 1, [0012]; page 3, [0044], VPNs) 
operable to encapsulate message packets of dissimilar protocols such that the 
encapsulated message packets are recognized by a routing protocol of the virtual 
private network (see page 1 , 1f [0012]; page 3, U [0044], VPNs). 

Therefore, it would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains to have 
modified Desai's reference with Afek and Ylonen which disclose use of SSH (see Afek, 
page 10, [0252], "SSH") to include the use of Virtual private network like in Desai's 
reference for the purpose to ensure secure data transfer (see Desai, page 3, [0044]). 

Conclusion 

8. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
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§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Baotran N. To whose telephone number is 571-272- 
8156. The examiner can normally be reached on Monday-Friday from 8:00 to 4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 10/620,981 



Page 19 



Art Unit: 2135 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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